forked from docs/doc-exports
zhoumeng35
7310adf178
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com> Co-authored-by: zhoumeng35 <zhoumeng35@huawei.com> Co-committed-by: zhoumeng35 <zhoumeng35@huawei.com>
94 lines
11 KiB
HTML
94 lines
11 KiB
HTML
<a name="nat_qs_0010"></a><a name="nat_qs_0010"></a>
|
|
|
|
<h1 class="topictitle1">Step 3: Add a DNAT Rule</h1>
|
|
<div id="body1534986796067"><div class="section" id="nat_qs_0010__section1272311025717"><h4 class="sectiontitle">Scenarios</h4><p id="nat_qs_0010__p2098647195715">After a public NAT gateway is created, add DNAT rules to allow servers in your VPC to provide services accessible from the Internet.</p>
|
|
<p id="nat_qs_0010__p5686195618474">You can configure a DNAT rule for each port on a server. If multiple servers need to provide services accessible from the Internet, create multiple DNAT rules.</p>
|
|
</div>
|
|
<div class="section" id="nat_qs_0010__section36544171152448"><h4 class="sectiontitle">Prerequisites</h4><p id="nat_qs_0010__p2560058615252">A public NAT gateway is available.</p>
|
|
</div>
|
|
<div class="section" id="nat_qs_0010__section61166376152513"><h4 class="sectiontitle">Procedure</h4><ol id="nat_qs_0010__ol59255157152617"><li id="nat_qs_0010__li25980584101236">Log in to the management console.</li><li id="nat_qs_0010__li840318282158">Click <span><img id="nat_qs_0010__en-us_topic_0118498823_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="nat_qs_0010__li1049617094325">In the upper left corner of the page, click <span><img id="nat_qs_0010__nat_qs_0003_en-us_topic_0118498850_image8750174734412" src="en-us_image_0000002021410433.png"></span> to expand the service list and choose <strong id="nat_qs_0010__nat_qs_0003_b3065415291">Network</strong> > <strong id="nat_qs_0010__nat_qs_0003_b287017595297">NAT Gateway</strong>.<p id="nat_qs_0010__nat_qs_0003_p1182103318256">The <strong id="nat_qs_0010__nat_qs_0003_b651411118300">Public NAT Gateways</strong> page is displayed.</p>
|
|
</li><li id="nat_qs_0010__li8610102724918">On the displayed page, click the name of the public NAT gateway on which you need to add a DNAT rule.</li><li id="nat_qs_0010__li188821748185212">On the public NAT gateway details page, click the <strong id="nat_qs_0010__b932774025311">DNAT Rules</strong> tab.</li><li id="nat_qs_0010__li7563844165416">Click <strong id="nat_qs_0010__b4254046202520">Add DNAT Rule</strong>.<div class="fignone" id="nat_qs_0010__fig648232499"><span class="figcap"><b>Figure 1 </b>Add DNAT Rule</span><br><span><img id="nat_qs_0010__image15489314494" src="en-us_image_0259133802.png"></span></div>
|
|
<p id="nat_qs_0010__p575717274335"></p>
|
|
</li><li id="nat_qs_0010__li54168351144127">Configure required parameters. For details, see <a href="#nat_qs_0010__table30787259144637">Table 1</a>.
|
|
<div class="tablenoborder"><a name="nat_qs_0010__table30787259144637"></a><a name="table30787259144637"></a><table cellpadding="4" cellspacing="0" summary="" id="nat_qs_0010__table30787259144637" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Descriptions of DNAT rule parameters</caption><thead align="left"><tr id="nat_qs_0010__row1287982144637"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.3.2.7.2.2.3.1.1"><p id="nat_qs_0010__p66523784144637"><strong id="nat_qs_0010__b11637162712319">Parameter</strong></p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="75%" id="mcps1.3.3.2.7.2.2.3.1.2"><p id="nat_qs_0010__p19717393144637"><strong id="nat_qs_0010__b1249912811318">Description</strong></p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr id="nat_qs_0010__row20452749101411"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p930811171516">Scenario</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p82551491578">Select <strong id="nat_qs_0010__b13126164315525">VPC</strong> if your servers in a VPC need to share an EIP to provide services accessible from the Internet.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row1895714384610"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p11008481568">Port Type</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p181028481868">The port type</p>
|
|
<ul id="nat_qs_0010__ul2946142220261"><li id="nat_qs_0010__li18947192262620"><strong id="nat_qs_0010__b1694282625110">All ports</strong>: All requests received by the gateway through all ports over any protocol will be forwarded to the private IP address of your server.</li><li id="nat_qs_0010__li73841225202617"><strong id="nat_qs_0010__b2052710189178">Specific port</strong>: Only requests received from a specified port over a specified protocol will be forwarded to the specified port on the server.</li></ul>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row13591056167"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p42842275144637">Protocol</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p113631314101313">The protocol can be TCP or UDP.</p>
|
|
<p id="nat_qs_0010__p1747101415356">This parameter is available if you select <strong id="nat_qs_0010__b1775485544614">Specific port</strong> for <strong id="nat_qs_0010__b16755255124616">Port Type</strong>. If you select <strong id="nat_qs_0010__b13755155512467">All ports</strong>, the value of this parameter is <strong id="nat_qs_0010__b117551455144617">All</strong> by default.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row43238809144637"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p1901342115116">Public IP Address Type</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p480029104814">The EIP of the public NAT gateway</p>
|
|
<p id="nat_qs_0010__en-us_topic_0127293981_p578114194614">You can select an <span id="nat_qs_0010__text176787547255"></span><span id="nat_qs_0010__text2678125432516">EIP</span> that either has not been bound, has been bound to a DNAT rule of the current public NAT gateway with <strong id="nat_qs_0010__b05111728201418">Port Type</strong> set to <strong id="nat_qs_0010__b251112286140">Specific port</strong>, or has been bound to an SNAT rule of the current public NAT gateway.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row189841183384"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p89861618173810">Public Port</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p6751144991213">The port of the EIP used by the NAT gateway for external communications</p>
|
|
<p id="nat_qs_0010__p17690405139">This parameter is only available if you select <strong id="nat_qs_0010__b12690170111312">Specific port</strong> for <strong id="nat_qs_0010__b186901404132">Port Type</strong>.</p>
|
|
<p id="nat_qs_0010__p18986618153813">Range: 1 to 65535</p>
|
|
<p id="nat_qs_0010__p1213391252">You can only enter a specific port number, for example, 80.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row147271843141017"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p57875013218">Instance Type</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p79556174353">The type of the instance that will be providing services accessible from the Internet. Possible values are:</p>
|
|
<ul id="nat_qs_0010__ul595515177355"><li id="nat_qs_0010__li1195581793510"><strong id="nat_qs_0010__b6429111313265">Server</strong></li><li id="nat_qs_0010__li1495512177350"><strong id="nat_qs_0010__b9555141452617">Virtual IP address</strong></li><li id="nat_qs_0010__li6558685388"><strong id="nat_qs_0010__b576911516261">Custom</strong></li></ul>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row35593477144637"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p64499384144637">Private IP Address</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p47826341544">The IP address of the server in the NAT gateway's VPC and processes matching packets where requests will be forwarded to</p>
|
|
<p id="nat_qs_0010__p6921952172615">Configure the port of <strong id="nat_qs_0010__b1580810372202">Private IP Address</strong> if you select <strong id="nat_qs_0010__b1280853772014">Specific port</strong> for <strong id="nat_qs_0010__b18087378202">Port Type</strong>.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row541545101112"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p999182312310">NIC</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p19569176359">The NIC of the server. This parameter is available if you set <strong id="nat_qs_0010__b8280152822618">Instance Type</strong> to <strong id="nat_qs_0010__b6280162811269">Server</strong>.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row1423724123219"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p1323715410320">Private Port</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p19820819151210">The port of the server over which the originating requests will be forwarded</p>
|
|
<p id="nat_qs_0010__p3611203017122">This parameter is only available if you select <strong id="nat_qs_0010__b219022431219">Specific port</strong> for <strong id="nat_qs_0010__b1819010243128">Port Type</strong>.</p>
|
|
<p id="nat_qs_0010__p4994201474513">Range: 1 to 65535</p>
|
|
<p id="nat_qs_0010__p22373473214">You can only enter a specific port number, for example, 80.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="nat_qs_0010__row125944237172"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.7.2.2.3.1.1 "><p id="nat_qs_0010__p143001256183">Description</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.7.2.2.3.1.2 "><p id="nat_qs_0010__p530016551816">Provides supplementary information about the DNAT rule. Enter up to 255 characters. Angle brackets (<>) are not allowed.</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</li><li id="nat_qs_0010__li559079041556">Click <strong id="nat_qs_0010__b12431164144112">OK</strong>.</li></ol>
|
|
<div class="notice" id="nat_qs_0010__note8499857814"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="nat_qs_0010__p7499175712111">After you add a DNAT rule, add rules to the security group associated with the servers to allow inbound or outbound traffic. Otherwise, the DNAT rule does not take effect.</p>
|
|
</div></div>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="nat_qs_0006.html">Allowing Internet Users to Access a Service in a Private Network Using DNAT</a></div>
|
|
</div>
|
|
</div>
|
|
|